diff --git a/.gitignore b/.gitignore index 0dd26ce5..e4e58fd0 100644 --- a/.gitignore +++ b/.gitignore @@ -3,6 +3,7 @@ Thumbs.db _gitignore/ Vagrantfile .vagrant/ +/.idea dist/builds/ dist/release/ diff --git a/caddyhttp/internalsrv/internal.go b/caddyhttp/internalsrv/internal.go index aa7b69a8..089aa002 100644 --- a/caddyhttp/internalsrv/internal.go +++ b/caddyhttp/internalsrv/internal.go @@ -20,8 +20,10 @@ type Internal struct { } const ( - redirectHeader string = "X-Accel-Redirect" - maxRedirectCount int = 10 + redirectHeader string = "X-Accel-Redirect" + contentLengthHeader string = "Content-Length" + contentEncodingHeader string = "Content-Encoding" + maxRedirectCount int = 10 ) func isInternalRedirect(w http.ResponseWriter) bool { @@ -68,11 +70,12 @@ type internalResponseWriter struct { http.ResponseWriter } -// ClearHeader removes all header fields that are already set. +// ClearHeader removes script headers that would interfere with follow up +// redirect requests. func (w internalResponseWriter) ClearHeader() { - for k := range w.Header() { - w.Header().Del(k) - } + w.Header().Del(redirectHeader) + w.Header().Del(contentLengthHeader) + w.Header().Del(contentEncodingHeader) } // WriteHeader ignores the call if the response should be redirected to an diff --git a/caddyhttp/internalsrv/internal_test.go b/caddyhttp/internalsrv/internal_test.go index fa9e05b4..b519460a 100644 --- a/caddyhttp/internalsrv/internal_test.go +++ b/caddyhttp/internalsrv/internal_test.go @@ -7,6 +7,12 @@ import ( "testing" "github.com/mholt/caddy/caddyhttp/httpserver" + "strconv" +) + +const ( + internalProtectedData = "~~~protected-data~~~" + contentTypeOctetStream = "application/octet-stream" ) func TestInternal(t *testing.T) { @@ -30,6 +36,7 @@ func TestInternal(t *testing.T) { {"/cycle", http.StatusInternalServerError, ""}, } + var i int for i, test := range tests { req, err := http.NewRequest("GET", test.url, nil) if err != nil { @@ -48,15 +55,66 @@ func TestInternal(t *testing.T) { i, test.expectedBody, test.url, rec.Body.String()) } } + + { + req, err := http.NewRequest("GET", "/download", nil) + if err != nil { + t.Fatalf("Test %d: Could not create HTTP request: %v", i, err) + } + + rec := httptest.NewRecorder() + code, _ := im.ServeHTTP(rec, req) + + if code != 0 { + t.Errorf("Test %d: Expected status code %d for %s, but got %d", + i, 0, "/download", code) + } + if rec.Body.String() != internalProtectedData { + t.Errorf("Test %d: Expected body '%s' for %s, but got '%s'", + i, internalProtectedData, "/download", rec.Body.String()) + } + contentLength, err := strconv.Atoi(rec.Header().Get("Content-Length")) + if err != nil || contentLength != len(internalProtectedData) { + t.Errorf("Test %d: Expected content-length %d for %s, but got %d", + i, len(internalProtectedData), "/download", contentLength) + } + if val := rec.Header().Get("Content-Type"); val != contentTypeOctetStream { + t.Errorf("Test %d: Expected content-type '%s' header for %s, but got '%s'", + i, contentTypeOctetStream, "/download", val) + } + if val := rec.Header().Get("Content-Disposition"); val == "" { + t.Errorf("Test %d: Expected content-disposition header for %s", + i, "/download") + } + if val := rec.Header().Get("Content-Encoding"); val != "" { + t.Errorf("Test %d: Expected removal of content-encoding header for %s", + i, "/download") + } + } } func internalTestHandlerFunc(w http.ResponseWriter, r *http.Request) (int, error) { switch r.URL.Path { case "/redirect": w.Header().Set("X-Accel-Redirect", "/internal") + case "/cycle": w.Header().Set("X-Accel-Redirect", "/cycle") + + case "/download": + w.Header().Set("X-Accel-Redirect", "/internal/data") + w.Header().Set("Content-Disposition", "attachment; filename=test") + w.Header().Set("Content-Encoding", "magic") + w.Header().Set("Content-Length", "999") + + case "/internal/data": + w.WriteHeader(http.StatusOK) + w.Header().Set("Content-Type", contentTypeOctetStream) + w.Header().Set("Content-Length", strconv.Itoa(len(internalProtectedData))) + w.Write([]byte(internalProtectedData)) + return 0, nil } + w.WriteHeader(http.StatusOK) fmt.Fprintf(w, r.URL.String())